I have an openvpn server that is multihomed. It has a private ip on the eth0 interface, and an external public ip on eth1. I'm trying to set up laptops so there is no configuration required whether they are inside or outside the network; openvpn just establishes a connection and works. So, I've configured the openvpn clients to always establish the tunnel to the public ip address of the server. It should work, since the default route inside the network will still be able to get there.

The problem comes up from the fact that openvpn doesn't appear to reply to the other end of the tunnel with udp packets having the same source address as the destination of the original packets. Its sent replies have a source ip address of the interface the reply packets were sent via. Normally that would be ok, because you can use the --float option and when the replies from the server come back with a different ip, the peer (the notebook) will see it and change the tunnel destination address to the source of the packets, in this case the private ip of the server.

Now here's the twist that causes the problem: we have a multilocation internal network using frame relay. Many of the remote offices use a wireless network internally, and many of the notebooks attach using those links. Because of the security issues of the wireless networks, the wireless routers are firewalled so they can't talk to internal machines directly, so the only traffic allowed to pass from those routers are packets destined for the public ip of the tunnel server. So we don't want to use the --float option.

I just want openvpn to reply with the same ip! Can it be forced to?

Tested with openvpn 1.5.0.

Evan
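The reply-source behaviour described in the post can be reproduced with plain UDP sockets. The following is an added example, not part of the original post and not OpenVPN code; it assumes Linux, where all of 127.0.0.0/8 is local, and uses 127.0.0.2 as a constructed stand-in for the server's public IP and 127.0.0.1 for the notebook.

```python
import socket

# Constructed stand-ins (assumptions, not values from the post).
PUBLIC_IP = "127.0.0.2"   # address the client is configured to talk to
CLIENT_IP = "127.0.0.1"   # the notebook

def reply_source(server_bind_ip, strict_client=False):
    """Send one datagram to PUBLIC_IP; return the source IP of the reply.

    strict_client=True connects the client socket to PUBLIC_IP, so the kernel
    drops replies from any other source (a peer that does not float, or a
    firewall that only passes the public IP). Returns None if no reply arrives.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.bind((server_bind_ip, 0))          # port chosen by the kernel
        port = server.getsockname()[1]
        server.settimeout(1)
        client.bind((CLIENT_IP, 0))
        client.settimeout(1)
        if strict_client:
            client.connect((PUBLIC_IP, port))
            client.send(b"ping")
        else:
            client.sendto(b"ping", (PUBLIC_IP, port))
        _, peer = server.recvfrom(64)
        # Wildcard-bound socket: the kernel picks the reply source from the
        # route back to the peer, not from the address the request arrived on.
        server.sendto(b"pong", peer)
        try:
            _, src = client.recvfrom(64)
        except socket.timeout:
            return None
        return src[0]
    finally:
        server.close()
        client.close()

if __name__ == "__main__":
    for bind_ip in ("0.0.0.0", PUBLIC_IP):
        print(bind_ip, "-> lenient:", reply_source(bind_ip),
              "strict:", reply_source(bind_ip, strict_client=True))
```

Binding the server socket to the one address the clients use pins the reply source to it; OpenVPN's `--local` option binds the daemon to a single address in the same way.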